You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

ESET Blocks sync.madnet.ru when specifically visiting reddit?

Hello everyone. Trying my best to keep my computer clean, but I just wanted a second opinion on this. I've noticed since todag, whenever I visit reddit.com, my ESET antivirus blocks a connection to sync/madnet/ru (replace / with .). This doesn't seem to occur on other sites, but after a run of Adware cleaner, it seems that I had something by the name of Adware.Pokki on Explorer, which I never use in favor of chrome. I'm currently running antivirus scans on the machine, but does anyone have advice on what else I could do? Thanks!

With most Adware/Junkware/PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features (Add/Remove Programs) in Control Panel as explained here or an alternative third party uninstaller like Revo Uninstaller. In many cases, using the uninstaller of the adware not only removes it more effectively, but it also restores many changed configuration settings.

After uninstallation, then you can run specialized tools like Malwarebytes 3.0, Emsisoft Emergency Kit, Hitman Pro, AdwCleaner and JRT (Junkware Removal Tool) to fix any remaining entries they may find. These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants. They also remove related files and folders wherever they hide...to include those within the AppData folder and elsewhere.

Hey quietman7. Nice to hear from you again. I've done some digging around in the Quarantine file for AdwCleaner, and it seems that what it thought was Adware.Pokki was actually a registry key for my HP Power software on my laptop. If you'd be willing, I'd like to upload the quarenting file here so that someone could verify it, as I've never installed Pokki, have JavaScript disabled when browsing, and did not had Adware.Pokki when I last scanned, after which I shut down the laptop and didn't touch until two days ago. I've had AdwCleaner trigger on my laptop's pre-installed software before, so maybe it's the same issue.

On another note, I haven't got the popular on any other machine I've visited reddit with. When I get back to my laptop tomorrow, I'll check to see if the problem continues. Would you know what sync.madnet.ru is? My Google tells me it's something to do with ads?

Hey quiteman7. ESET still blocking sync.madnet.ru whenever I visit reddit, but I'm just not entirely sure why. I screen-capped the warning, along with the certificate information. I can't figure out how to attach it to this post, though, but for a summary of the information:

- Google Chrome is trying to communicate over a channel encrypted with an untrusted certificate

- It cannot guarantee that the contacted server (sync.madnet.ru) is legitimate, or if it is masquerading as this server.

- The certificate was issued to madnetex.com.

- The certificate was issued by Let's Encrypt Authority X3.

- The certificate was valid from 4/22/2017 to 7/21/2017.

This issue still only happens on reddit.com, so I'm just not sure why it's happening. I would think any normal Adware would try to run on any website rather than one specifically. Also, the Quarantine file by AdwCleaner was a registry key, not an actual file, so I can't really upload it directly. Searching for the key looks like something for windows Start Menu pins, and if I open it in notepad, though, it looks like it blocked "H P P o w e r A s s i s t a n t . l n k" and "H P C M S h o r t c u t . l n k".

I was referring to submitting possible false file detections to an online services that analyzes suspicious files more as a future reference in case you were not familiar with doing that.

The removal of a registry key may or may not have an adverse affect on installed software...it really depends on what that key was for. Reinstalling the software would correct any issues. However, it AdwCleaner detected it once it most likely will detect it again. As such you may want to report this issue at the official Malwarebytes AdwCleaner Forum so the research team can investigate...be sure to include the log file.

As for ESET still blocking sync.madnet.ru whenever going to reddit, that too you may want to report to their support folks so they can investigate and determine what is going on.

Sorry if I seemed confused. I've used online file scanners in the past for help. I just thought you were saying to put a registry key up there. I've also gone ahead and posted on the ESET support forums for more help, but haven't gotten the topic approved yet, what with the CCleaner issue as of late. Following Bleeping Computer for CCleaner downloads saved my butt on this issue. Also, the removal of the keys doesn't seemed to have effected the software much.

Aside from that, is there anything else I can do just to make sure my system is all okay? Still having issues on reddit, and I've run continuous ESET and MalwareBytes scans, in addition to AdwCleaner. Any other advice, or just someway to make sure everything seems okay? Thanks for the help so far.